This article shows why we need to think seriously about our nation’s cyber army: where we are, which digital weapons we have, and what challenges our countries face in the digital world. How do we overcome these problems? How do we recruit a digital armed force smartly? This article is meant to help governments as well as private security firms.
History of Hacking
Over the past years we have seen many big hacking case studies that lead us to think seriously about the world of cyber crime. Here are some of the stories I want to share with you.
Moonlight Maze:
Although the feds aren't talking publicly about a three-years-plus cyber-attack
believed to be coming from Russia, a member of the U.S. National Security
Agency's Advisory Board says the case, dubbed "Moonlight Maze,"
reveals huge cracks in the U.S. government's defense system. The Moonlight Maze
stealth attack, which has targeted sensitive but unclassified information since
it was launched in March 1998, is the "largest sustained cyber-attack"
on the U.S., according to Adams. (Abreu, 2001)
Titan Rain: Chinese hackers, some believed to
be from the People's Liberation Army, have been attacking the computer networks
of British government departments, the Guardian has learned. The disclosures
came after reports that the Chinese military had hacked into a Pentagon
military computer network in June. The incidents should be seen against the
background of the forthcoming 17th Chinese Communist party congress, which
could determine the next generation of leaders, and the PLA keen to flex its
muscles, Mr. Neill suggested.
Aurora Experiment: A video was leaked to the press
in late September 2007 showing exactly that scene. The simulated attack, named
the Aurora Generator Test, was conducted in March 2007 by researchers
investigating supervisory control and data acquisition (SCADA) system
vulnerabilities at utility companies. DOE established the National SCADA Test
Bed Program and developed a 10-year strategic framework for securing control
systems in the energy sector. (Burkhart, 2008)
DDoS Attack on Estonia: He
stared at the error message: For some reason, the site for Estonia's leading
newspaper, the Postimees, wasn't responding. Around dawn on April 27 — after an
overnight meeting of the nation's crisis commission — the Estonian government
removed a 6-foot-tall bronze statue in downtown Tallinn, the capital of
Estonia. But the fighting died down quickly; hundreds of people were arrested,
the windows were repaired, and street sweepers had cleaned up everything from
the morning of April 28. From his office at the top of one of Tallinn's highest
buildings, the 31-year-old had spent the past few years serving up a million page
views a day, roughly comparable to the traffic in the Seattle
Post-Intelligencer. But now his paper's servers were being swamped with 2.3 million
page views and had already crashed 20 times. He's proof that the geeks have
triumphed in this country of 1.3 million. Some 40 percent read a newspaper
online daily, more than 90 percent of bank transactions are done over the
Internet, and the government has embraced online voting. (Davis, 2007)
Apart from these attacks, we have also seen Operation Payback (2010), the Stuxnet virus (2010), and others.
Cyber Intelligence
Intelligence is a very broad term. It can be defined as logic, thinking, self-awareness, and the ability to act. We can say that intelligence means problem-solving skill; it is a way of learning quickly. It is a very wide and general term. For the intelligence of computers, the internet and the cyber world, I can define it via the mind map below. Generally, cyber intelligence is categorized into 2 parts. The picture below makes this clear.
As we can see, we have to look at both sides of intelligence: which factors are important within it, and what kind of practical operations we can carry out with it. It is clear that we do intelligence gathering to obtain sensitive information about an opponent target (the target can be any nation, individual, network, organization or agent) that can be exploited via intelligence operations. Intelligence operations mostly cover the things I have mentioned in the figure. They can be ethical or unethical, depending on the situation. Mostly, intelligence operations are done for self-dependence and self-awareness. If the motive of any of these operations is demolition, influence, or something similar, then it is surely unethical. (Wikipedia)
What We Have & What Is Yet To Be Developed?
Looking at the past few years’ hacking activity, it can be said that in the coming days on-field battle is going to disappear and online battle will begin. This means that a small bunch of hackers will be considered more powerful than thousands of army personnel in the field. That is likely to happen. Looking at the current scenario, I can say that:
We Have: Script kiddies, Crackers
Under Development: Ethical hackers, Skilled hackers
Yet To Be Developed: Cyber warrior, Nation’s Spy, Government Agent, Military, Intelligence Security Analyst
These are the resources we have and the ones we need to build within our nations. Many of you will say the USA already has its military intelligence analysts and so on. That is certainly true, but this scenario considers the countries of the whole world. The majority of countries are in this phase only.
Worldwide Status
Over the years, from 198x to 2012, we have been used to working with and seeing these words: information security, firewall, pen testing, IDS, IPS, web application security, SCADA security, botnets and DDoS.
From now on and in the upcoming years, you will mostly be seeing the words I am going to describe below. They are likely to be: next-generation cybercrime, next-generation warfare, cyber war, information warfare.
In the 70s, people were inspired by the word ‘hacking’ and started adopting it just for the sake of knowledge. In the 80s, curiosity about learning hacking became a trend. In the 90s, hacking took people to a whole new level. People in the 90s used to hack out of anger or revenge. They have become angrier today. People have formed small groups of hackers and activists who hack to protest on behalf of the nation’s people. Thus cyber warfare comes into play. (The Next Generation Of CyberCrime: How its evolved; Where it's going)
Building Nation’s Powerful Cyber Army
This is a very essential and very unique process. Nations and organizations recruit their cyber army without any proper methodology. I have a proper methodology. This is just my opinion and view. It doesn’t mean that it has to be right. I was reading an article by Miller and came to know about my views. So here is the procedure for how you can build your nation’s cyber army.
1. The first step is very common, as we do it in penetration testing: information gathering. The only difference here is which information we need to gather. First, we have to check which kinds of threat we are facing in our country, such as massive DDoS attacks, mass defacement of websites, loss of private confidential information, etc. This is a very crucial step because our ultimate aim in building a digital army is to fight such problems. You might have heard the word “Engage” at the start of a fight; it is usually said by the referee. In the same way, we need to identify the goal and the ultimate aim of the engagement: what kind of threat is actually in front of us, and which kinds of weapons we have right now. Then we list the weapons we have; in our case, a country can list digital weapons such as good coders, good network engineers, good ethical hackers, good intelligence analysts, etc.
2. So our first step is over; we have identified the problem. The next step is to recruit digital soldiers. What should we consider, and what not, before recruiting digital soldiers? Many nations as well as private organizations just hire good hackers, who are really not needed. Rather than hiring real hackers, hire focused people who are good learners and cool, calm and collected: people who are willing to learn and who have a basic understanding and a little hands-on knowledge in the field you require. The main idea is to train them and make them better, so they will also be thankful to you and will not break your trust. However, if you hire real hackers, they may steal your information, they might have some other vision in their eyes, and they can be manipulated by your opponents.
3. The next step is to decide which kinds of soldiers we need to hire. Remember that you are building your nation’s cyber army, which means you are building a team. Have you ever wondered which kinds of soldiers you really need? Ask yourself whether you need coders, network pentesters, web application pentesters or reverse engineers. The best way to build your cyber army is to hire a variety of different soldiers. Here is a list of categories. You need to hire at least 3 soldiers in each category. The more you need, the more you can hire.
· Coders
· Cryptologists
· Hardware Hackers
· Military IT Professionals
· Integrated Chip Professional
· Web Pentesters
· Network Pentesters
· Cloud Specialists
· SCADA & Other System Professionals
· Mainframe System Professionals
· Reverse Engineers
· Malware Analysts
· Telecommunication Experts
· IT Security Governance
· Software Testers
· Satellite Experts
4. Our next step is to provide resources for your army. Now your main job starts. You can choose your own methodology, but some useful and common ones are group learning, teaching by foreign experts through webinars, etc. Another important thing is to provide them with resources. Resources can be technical as well as non-technical. Many companies provide special laboratories to their army; some provide only a corporate office to their employees. Moreover, you need to provide them with all the tools, operating systems, and every piece of hardware and software they require. As this is a very broad term, I am leaving it up to you how and which kinds of resources you provide to them.
5. Educating your army once is not a smart thing to do. You have to keep them updated in different ways. You have to give them new and more weapons for fighting cyber bullies. Make your team aware of new and upcoming hacking and information security conferences. Find other inner circles where hacking is played around with; those inner circles can be the deep web, hacking forums, etc. Always encourage them to think differently and to try new experiments with whatever they are working on.
The recruiter must keep in mind that you don’t need real hackers; you need quick and effective learners, because MOST ATTACK TECHNOLOGIES BEING DEVELOPED TODAY WON’T BE THAT EFFECTIVE IN UPCOMING YEARS. So you need people who are always willing to learn.
Building a nation’s cyber army doesn’t depend only on the people the government or private sector hires. It also involves many roles. The government should partner with private security firms because they are most effective and capable of handling any kind of threat. Also, the government should stay one step ahead of foreign experts’ knowledge within their cyberspace. They have to build a better shield for the many vulnerable areas of their nation, such as the military, the stock exchange, the political environment and government intelligence. These are very sensitive areas of the nation; once they are attacked and exposed, anything can be done. They have to develop a tactical shield for both attack and defense. (Miller) (Tan, 2010)
In a Nutshell
Cyber security is a very sensitive area. A nation must set up some protocols and should also make its people understand that IT IS NOT A GAME. Setting up rules and respecting them is difficult but essential. Be good, not bad. Hack to learn, don’t learn to hack.
Bibliography
Abreu, E. (2001, May 09). Cyberattack Reveals Cracks in U.S. Defense. Retrieved from http://www.pcworld.com/article/49563/article.html
Burkhart, L. A. (2008, 01). Cyber Attack! - Lessons Learned: Aurora Attack. Retrieved from http://www.fortnightly.com/fortnightly/2008/01/cyber-attack-lessons-learned-aurora-attack
Davis, J. (2007, 08 21). Retrieved from http://www.wired.com/politics/security/magazine/15-09/ff_estonia?currentPage=all
Miller, C. (n.d.). Kim Jong-il and Me: How to build a cyber army to attack the U.S. Independent Security Evaluators.
Tan, E. (2010, Sep 14). How to build a cyber army. Retrieved from http://emilonsecurity.wordpress.com/2010/09/14/how-to-build-a-cyber-army/
The Next Generation Of CyberCrime: How its evolved; Where it's going. (n.d.). Retrieved from http://i.dell.com/sites/doccontent/business/smb/sb360/en/Documents/wp-swx-cybercrime-generation.pdf
Wikipedia. (n.d.). Intelligence - Wikipedia, The free encyclopedia. Retrieved from http://en.wikipedia.org/wiki/Intelligence